The WebFilings Github Console allows the members of the organization who do not possess admin rights to create private repositories, add and remove teams from those repositories, and add and remove users from those teams.
The app can be set up so that certain teams are automatically added to a newly created private repository.
The console also provides logs of what actions were performed by which user. These logs can be filtered by date range. A regular digest of logs can be sent to a specific email as a CRON job. The filtered logs can be manually emailed to a specific email address.
Before uploading the app to GAE, open app.yaml
and enter the exact name of the Github organization in the space to the right of the ORG
environment variable.
To set up the CRON job that sends a daily email to a specific address, enter the address to the right of the ADMIN_EMAIL
environment variable.
Save and close app.yaml
.
Next, go to Github.com and create an application. You'll need the client_id
and client_secret
for the next step.
Create a file called client_secrets.json
and fill it out according to the instructions at https://developers.google.com/api-client-library/python/guide/aaa_client_secrets.
Since client_secrets.json
is listed in the .gitignore
file, it will NOT be committed via Git.
To automatically add certain teams to new private repositories, get the id's of the teams, and place them in a comma separated format within the square brackets in repo.py
on line 69
.
Upload the app to GAE.
To activate the app, a user who belongs to the Owners
team in the organization needs to log in via the console. They will be directed to the Github auth page, where they will need to provide their credentials. Once they have been authorized, their access token will be stored by the app in Google's Datastore and used by the app to perform actions (e.g. create new private repo) on their behalf.
Any user belonging to the organization (i.e. not an admin) can then log in and access all the features of the app.
Once a user has logged in, they will see an interface with a list of all the private repositories belonging to the organization.
Above the main listing window, there is a Create Private Repo
button. Pressing it will bring up a modal allowing the user to specify the name of the private repository they'd like to create and a short description of the repository.
Underneath the Create Private Repo
button, there is a Display Logs
button. Clicking it will bring up a modal that shows the most recent logs. There are options that allow the user to filter the date range of the logs. An option exists which allows the user to send all logs, or the filtered logs to an email address.
A regular digest of all logs is sent out automagically to the specified recipient (setup instructions above).
Next to the listing of each private repo, there is an Edit Access
button. Clicking on it will bring up a modal that allows the user to add a team belonging to the organization to the repo. Once added, the user can then change the access permission of that team. Note that this changes the access of the team to all other repositories that it is connected to.
Access levels can be either Push
or Pull
.
At the top of the Edit Access
modal, there are 2 tabs โ Teams
and Team Members
.
If the user clicks on the Team Members
tab, they will see a tab where organization members can be added or removed from a team.
The top selection box allows the user to select the team that they'd like to edit. The second selection box contains the existing members of that team. Next to each team member name is a Remove
button. Clicking it will remove that member from the team.
The third selection box contains the names of all members in the organization who are not members of the team. The user can select multiple members by holding down the Command
or Shift
keys and making a selection. Clicking Add
at the bottom of the modal will add those members to the team.